Today the PHP, OpenBSD and FreeBSD communities announced updates to
patch a security hole involving their crypt() hashing algorithms. This
issue is described in CVE-2012-2143. This vulnerability also affects a
minority of PostgreSQL users, and will be fixed in an update release on
June 4, 2012.

Affected users are those who use the crypt(text, text) function
with DES encryption in the optional pg_crypto module. Passwords
affected are those that contain characters that cannot be
represented with 7-bit ASCII. If a password contains a character
that has the most significant bit set (0x80), and DES encryption
is used, that character and all characters after it will be ignored.

The PostgreSQL Global Development Group today released
security updates for all active branches of the PostgreSQL
database system, including versions 9.1.5, 9.0.9, 8.4.13 and
8.3.20. This update patches security holes associated with
libxml2 and libxslt, similar to those affecting other open
source projects. All users are urged to update their
installations at the first available opportunity

Users who are relying on the built-in XML functionality to
validate external DTDs will need to implement a workaround, as
this security patch disables that functionality. Users who are
using xslt_process() to fetch documents or stylesheets from
external URLs will no longer be able to do so. The PostgreSQL
project regrets the need to disable both of these features in
order to maintain our security standards. These security issues
with XML are substantially similar to issues patched recently
by the Webkit (CVE-2011-1774), XMLsec (CVE-2011-1425) and PHP5
(CVE-2012-0057) projects.

Today the PHP, OpenBSD and FreeBSD communities announced updates to
patch a security hole involving their crypt() hashing algorithms. This
issue is described in CVE-2012-2143. This vulnerability also affects a
minority of PostgreSQL users, and will be fixed in an update release on
June 4, 2012.

Affected users are those who use the crypt(text, text) function
with DES encryption in the optional pg_crypto module. Passwords
affected are those that contain characters that cannot be
represented with 7-bit ASCII. If a password contains a character
that has the most significant bit set (0x80), and DES encryption
is used, that character and all characters after it will be ignored.